某局点F1070防火墙新产生的日志logbuffer中不显示问题处理经验案例

不涉及

某局点F1070防火墙之前客户人为的把设备系统时间修改为6月份运行过一段时间，当时运行都正常，logbuffer 也能正常看到系统日志，但是后面为了校准时间，把设备时间改回正常的3月份，但是发现改完时间之后，dis logbuffer 里面不再显示新的系统日志，一直保持在6月份的系统日志。

查看设备的时间：

dis diagnostic-information

Save or display diagnostic information (Y=save, N=display)? [Y/N]:n

===============================================
  ===============display clock=============== 
19:48:00 beijing Mon 03/19/2018

Time Zone : beijing add 08:00:00

查看dis logbuffer ，日志都是6月份的日志：
  ===============display logbuffer=============== 
Log buffer: Enabled

Max buffer size: 1024

Actual buffer size: 512

Dropped messages: 1487

Overwritten messages: 84932

Current messages: 512

%Jun  3 21:42:28:551 2018 ZW SSHS/6/SSHS_CONNECT: SSH user admin_cloud (IP: x.x.x.x) connected to the server successfully.

%Jun  3 21:42:29:759 2018 ZW SHELL/5/SHELL_LOGIN: admin_cloud logged in from x.x.x.x

%Jun  4 14:23:49:367 2018 ZW NTP/5/NTP_CHANGE_LEAP: System Leap Indicator changed from 3 to 0 after clock update.

%Jun  4 14:23:49:367 2018 ZW NTP/5/NTP_CHANGE_STRATUM: System stratum changed from 16 to 3 after clock update.

%Jun  4 14:24:22:185 2018 ZW SHELL/6/SHELL_CMD: -Line=vty0-IPAddr=x.x.x.x-User=admin_cloud; Command is dis clock

%Jun  4 14:24:49:815 2018 ZW SHELL/6/SHELL_CMD: -Line=vty0-IPAddr=x.x.x.x-User=admin_cloud; Command is dis ntp-service trace

%Jun  4 14:25:52:140 2018 ZW SHELL/6/SHELL_CMD: -Line=vty0-IPAddr=x.x.x.xUser=admin_cloud; Command is qu

%Jun  4 14:26:02:150 2018 ZW CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=306-CommandSource=snmp-COnfigSource=startup-COnfigDestination=running; Configuration is changed.

==========================================================
  ===============display mdc=============== 
ID         Name            Status

1          Admin           active

收集设备的logfile文件信息查看，发现3月份的日志都保存在logfile文件中

%@294062%Mar 19 20:46:45:361 2018 ZW SSHS/6/SSHS_CONNECT: SSH user admin_cloud (IP: x.x.x.x) connected to the server successfully.

%@294063%Mar 19 20:46:46:565 2018 ZW SHELL/5/SHELL_LOGIN: admin_cloud logged in from x.x.x.x.

%@294064%Mar 19 20:46:51:350 2018 ZW SHELL/6/SHELL_CMD: -Line=vty0-IPAddr=x.x.x.x-User=admin_cloud; Command is dis logbuffer

%@294065%Mar 19 20:47:08:474 2018 ZW SHELL/6/SHELL_CMD: -Line=vty0-IPAddr=x.x.x.x-User=admin_cloud; Command is sys

%@294066%Mar 19 20:47:09:456 2018 ZW SHELL/6/SHELL_CMD: -Line=vty0-IPAddr=x.x.x.x-User=admin_cloud; Command is dis th

%@294067%Mar 19 20:50:02:042 2018 ZW SHELL/6/SHELL_CMD: -Line=vty0-IPAddr=x.x.x.x-User=admin_cloud; Command is qu

%@294068%Mar 19 20:50:02:576 2018 ZW SHELL/6/SHELL_CMD: -Line=vty0-IPAddr=x.x.x.x-User=admin_cloud; Command is qu

%@294069%Mar 19 20:50:02:578 2018 ZW SHELL/5/SHELL_LOGOUT: admin_cloud logged out from x.x.x.x

%@294070%Mar 19 20:50:02:648 2018 ZW SSHS/6/SSHS_DISCONNECT: SSH user admin_cloud (IP: x.x.x.x) disconnected from the server.

最终定位由于之前手动修改的时间大于目前系统的时间，logbuffer模块比较之前的日志记录，对比新的log记录时间，由于logbuffer是有条数限制的，将时间旧的log丢弃，
所以没有显示在logbuffer中。
Logfile是会记录所有日志的，所以没有将其丢弃。

通过释放logbuffer （reset logbuffer）之后，已能正常看到3月份日志。